A. Area of Invention
This invention relates to a method of producing high security, personalized computer access passwords.
B. Description of Related Art
A password is generally recognized as either a confidential word, phrase, or sequence of alpha-numerics that one must use to gain access to a software location, or a sequence of characters that one must input to a computer keyboard to access a part of a larger system. Passwords generally comprise a combination of numerical, alphabetic or symbolic characters, and are typically chosen by users to form some sequence that is easily remembered by the user. As such, users are often inclined to use character sequences that are already known to them, such as a social security number, telephone number, license plate number, birthday, or password to another system. Such users are also likely to save their passwords in some file within the computer system to thus avoid the possibility of a lockout through forgetting of the password. Both of these characteristics of passwords and their users are exploitable by a determined, sophisticated spy, or agent of a foreign government or hostile political group. Even given sufficient resources, such an agent can input a vast number of characters pertinent to a user's circumstances, or search every file within the computer until the password file is located. In other words, a determined code breaker, equipped with state-of-the-art hardware and software, can penetrate a password consisting of numeric, alphabetic, and/or symbolic characters if the set of each such character are known in advance and the password consists of a finite, repetitive sequence, i.e., a non-changing password.
Common shortcomings to the passwords described above, as well as other drawbacks, exemplify ways in which the theoretical odds of securing or breaking a password are reduced from the usual exceedingly high number to one much lower, to gain unauthorized access to a computer, computer file, communication channel, ATM, or the like. As such, password protection of a computer access means may not provide the security required or desired by the user or owner, particularly where the prospective unauthorized user has unlimited time and access to contemporary decryption software and a mainframe.
A further shortcoming of the prior art is that a system user may, without knowledge, be observed by a spy or adversary and, through observation or recordation the steps of input by the user, the password may be remotely communicated to a criminal or adversary. As such, any effort to defeat such state-of-the-art computer espionage must proceed along at least two axes, namely, a password component which does not include repetitive alpha-numerics or fixed group of symbols and, secondly, an input system in which the password cannot be derived by mere observation of the access inputs of an authorized user.
In one approach of the prior art to this problem, Yamamoto (U.S. Pat. No. 5,928,364) uses one color, selected from a set of red, blue and green, as one variable within a larger graphic password creation system. This is a single-factor authentication tool involving selecting, from a table, a series of colored graphics having selectable colors to serve as a password. The invention involves selecting from a table of “hieroglyphics/characters” a linear sequence of graphics and a selected basic color for each graphic to serve as password registration keys.
Jaeger (US Pub. No. 2004/0034801) creates and uses computer passwords derived from colors and graphic objects. This specific design and graphic features are assigned specific numeric designators by which patented designs and graphic trademarks may then be databased and searched. In Jaeger, the password is formed by selecting one or more of a plurality of objects, one or more colors of this plurality of objects, and a spatial arrangement of the plurality of objects. Jaeger is more complex and costly to implement than this the system.
Caldwell (U.S. Pat. No. 5,465,085) discloses using a grid (rows and columns) in arranging symbols and/or colors as keys to a password. The symbols and/or colors may be entered using a mouse. Details about how a user selects specific colors are not disclosed.
Cottrell (U.S. Pat. No. 5,065,084) lists colors as one variable, co-equal with the use of alphas, numeric, and symbols which may be employed, to create a square matrix-like password screen similar to that of a scrabble board. This approach does not have the encryption power or signature creation sophistication of the present invention.
U.S. Pat. No. 6,720,860 to Narayanaswami, held by IBM, entails a temporally based sequence display of one or more flashing images, spatially arranged on the password screen. One must select the correct icons in the correct sequence to access the protected device.
Another example of a graphical password system appears in U.S. Pat. No. 5,559,961 to Blonder, held by Lucent Technologies, in which the In this patent, the password is derived from so-called “tap regions” in a single display, i.e., to input the password, one must touch or tap predetermined parts of the screen in a predetermined sequence.
Japan Patent Application Publication No. 2003132290 discloses what appears to be a two-factor authentication method involving using a traditional password as one factor and a table of displayed “notations, figures or symbols including a combination of these or a combination of these and colors” as a second factor. The user first enters his or her password. Next, the table or notations, figures, symbols, and colors are displayed to the user for the user to select using a mouse. If all the correct notations, figures, symbols, and colors are selected, the user's authentication is checked against a stored registry.
Japan Patent Application No. 2000003335 discloses a single-factor authentication technique involving selecting a single color from a color wheel as a key for a password. Although it is not clear from the Japanese language text, the invention appears to rely on a traditional input device, such as a mouse, to select the color. The selected color is then compared to a color in the password registry to authenticate the user.
It is in response to the above long felt needs in the art for an improved such password system that the present invention is directed.